cvelistv5 - cve-2008-0122

CVE-2008-0122 (GCVE-0-2008-0122)

Vulnerability from cvelistv5

Published

2008-01-16 01:00

Modified

2024-08-07 07:32

Severity ?

CWE

Summary

Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted input that triggers memory corruption.

References

URL

Tags

	http://secunia.com/advisories/28579	third-party-advisory, x_refsource_SECUNIA
	https://bugzilla.redhat.com/show_bug.cgi?id=429149	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2008-0300.html	vendor-advisory, x_refsource_REDHAT
	http://www.securityfocus.com/bid/27283	vdb-entry, x_refsource_BID
	http://secunia.com/advisories/30538	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/487000/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://www.kb.cert.org/vuls/id/203611	third-party-advisory, x_refsource_CERT-VN
	http://security.freebsd.org/advisories/FreeBSD-SA-08:02.libc.asc	vendor-advisory, x_refsource_FREEBSD
	http://www.vupen.com/english/advisories/2008/0703	vdb-entry, x_refsource_VUPEN
	http://support.avaya.com/elmodocs2/security/ASA-2008-244.htm	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2008/1743/references	vdb-entry, x_refsource_VUPEN
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10190	vdb-entry, signature, x_refsource_OVAL
	https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00782.html	vendor-advisory, x_refsource_FEDORA
	http://secunia.com/advisories/28429	third-party-advisory, x_refsource_SECUNIA
	https://issues.rpath.com/browse/RPL-2169	x_refsource_CONFIRM
	http://www.securitytracker.com/id?1019189	vdb-entry, x_refsource_SECTRACK
	http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html	vendor-advisory, x_refsource_SUSE
	http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX61&path=/200802/SECURITY/20080227/datafile123640&label=AIX%20libc%20inet_network%20buffer%20overflow	x_refsource_CONFIRM
	http://secunia.com/advisories/28487	third-party-advisory, x_refsource_SECUNIA
	http://www.isc.org/index.pl?/sw/bind/bind-security.php	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilities/39670	vdb-entry, x_refsource_XF
	http://secunia.com/advisories/30313	third-party-advisory, x_refsource_SECUNIA
	http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4167	x_refsource_CONFIRM
	http://secunia.com/advisories/30718	third-party-advisory, x_refsource_SECUNIA
	https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488	x_refsource_CONFIRM
	http://secunia.com/advisories/29323	third-party-advisory, x_refsource_SECUNIA
	http://sunsolve.sun.com/search/document.do?assetkey=1-26-238493-1	vendor-advisory, x_refsource_SUNALERT
	http://secunia.com/advisories/29161	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2008/0193	vdb-entry, x_refsource_VUPEN
	http://secunia.com/advisories/28367	third-party-advisory, x_refsource_SECUNIA
	https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00781.html	vendor-advisory, x_refsource_FEDORA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:32:24.383Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "28579",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28579"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=429149"
          },
          {
            "name": "RHSA-2008:0300",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0300.html"
          },
          {
            "name": "27283",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/27283"
          },
          {
            "name": "30538",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30538"
          },
          {
            "name": "20080124 rPSA-2008-0029-1 bind bind-utils",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/487000/100/0/threaded"
          },
          {
            "name": "VU#203611",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/203611"
          },
          {
            "name": "FreeBSD-SA-08:02",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "http://security.freebsd.org/advisories/FreeBSD-SA-08:02.libc.asc"
          },
          {
            "name": "ADV-2008-0703",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0703"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-244.htm"
          },
          {
            "name": "ADV-2008-1743",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1743/references"
          },
          {
            "name": "oval:org.mitre.oval:def:10190",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10190"
          },
          {
            "name": "FEDORA-2008-0904",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00782.html"
          },
          {
            "name": "28429",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28429"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-2169"
          },
          {
            "name": "1019189",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019189"
          },
          {
            "name": "SUSE-SR:2008:006",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7\u0026heading=AIX61\u0026path=/200802/SECURITY/20080227/datafile123640\u0026label=AIX%20libc%20inet_network%20buffer%20overflow"
          },
          {
            "name": "28487",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28487"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.isc.org/index.pl?/sw/bind/bind-security.php"
          },
          {
            "name": "freebsd-inetnetwork-bo(39670)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39670"
          },
          {
            "name": "30313",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30313"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4167"
          },
          {
            "name": "30718",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30718"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488"
          },
          {
            "name": "29323",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29323"
          },
          {
            "name": "238493",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238493-1"
          },
          {
            "name": "29161",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29161"
          },
          {
            "name": "ADV-2008-0193",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0193"
          },
          {
            "name": "28367",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28367"
          },
          {
            "name": "FEDORA-2008-0903",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00781.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-01-14T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted input that triggers memory corruption."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01.000Z",
        "orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
        "shortName": "freebsd"
      },
      "references": [
        {
          "name": "28579",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28579"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=429149"
        },
        {
          "name": "RHSA-2008:0300",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0300.html"
        },
        {
          "name": "27283",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/27283"
        },
        {
          "name": "30538",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30538"
        },
        {
          "name": "20080124 rPSA-2008-0029-1 bind bind-utils",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/487000/100/0/threaded"
        },
        {
          "name": "VU#203611",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/203611"
        },
        {
          "name": "FreeBSD-SA-08:02",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "http://security.freebsd.org/advisories/FreeBSD-SA-08:02.libc.asc"
        },
        {
          "name": "ADV-2008-0703",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0703"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-244.htm"
        },
        {
          "name": "ADV-2008-1743",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1743/references"
        },
        {
          "name": "oval:org.mitre.oval:def:10190",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10190"
        },
        {
          "name": "FEDORA-2008-0904",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00782.html"
        },
        {
          "name": "28429",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28429"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-2169"
        },
        {
          "name": "1019189",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019189"
        },
        {
          "name": "SUSE-SR:2008:006",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7\u0026heading=AIX61\u0026path=/200802/SECURITY/20080227/datafile123640\u0026label=AIX%20libc%20inet_network%20buffer%20overflow"
        },
        {
          "name": "28487",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28487"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.isc.org/index.pl?/sw/bind/bind-security.php"
        },
        {
          "name": "freebsd-inetnetwork-bo(39670)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39670"
        },
        {
          "name": "30313",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30313"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4167"
        },
        {
          "name": "30718",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30718"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488"
        },
        {
          "name": "29323",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29323"
        },
        {
          "name": "238493",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238493-1"
        },
        {
          "name": "29161",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29161"
        },
        {
          "name": "ADV-2008-0193",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0193"
        },
        {
          "name": "28367",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28367"
        },
        {
          "name": "FEDORA-2008-0903",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00781.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secteam@freebsd.org",
          "ID": "CVE-2008-0122",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted input that triggers memory corruption."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "28579",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28579"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=429149",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=429149"
            },
            {
              "name": "RHSA-2008:0300",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0300.html"
            },
            {
              "name": "27283",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/27283"
            },
            {
              "name": "30538",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30538"
            },
            {
              "name": "20080124 rPSA-2008-0029-1 bind bind-utils",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/487000/100/0/threaded"
            },
            {
              "name": "VU#203611",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/203611"
            },
            {
              "name": "FreeBSD-SA-08:02",
              "refsource": "FREEBSD",
              "url": "http://security.freebsd.org/advisories/FreeBSD-SA-08:02.libc.asc"
            },
            {
              "name": "ADV-2008-0703",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0703"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-244.htm",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-244.htm"
            },
            {
              "name": "ADV-2008-1743",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1743/references"
            },
            {
              "name": "oval:org.mitre.oval:def:10190",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10190"
            },
            {
              "name": "FEDORA-2008-0904",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00782.html"
            },
            {
              "name": "28429",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28429"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-2169",
              "refsource": "CONFIRM",
              "url": "https://issues.rpath.com/browse/RPL-2169"
            },
            {
              "name": "1019189",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019189"
            },
            {
              "name": "SUSE-SR:2008:006",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html"
            },
            {
              "name": "http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7\u0026heading=AIX61\u0026path=/200802/SECURITY/20080227/datafile123640\u0026label=AIX%20libc%20inet_network%20buffer%20overflow",
              "refsource": "CONFIRM",
              "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7\u0026heading=AIX61\u0026path=/200802/SECURITY/20080227/datafile123640\u0026label=AIX%20libc%20inet_network%20buffer%20overflow"
            },
            {
              "name": "28487",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28487"
            },
            {
              "name": "http://www.isc.org/index.pl?/sw/bind/bind-security.php",
              "refsource": "CONFIRM",
              "url": "http://www.isc.org/index.pl?/sw/bind/bind-security.php"
            },
            {
              "name": "freebsd-inetnetwork-bo(39670)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39670"
            },
            {
              "name": "30313",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30313"
            },
            {
              "name": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4167",
              "refsource": "CONFIRM",
              "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4167"
            },
            {
              "name": "30718",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30718"
            },
            {
              "name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488",
              "refsource": "CONFIRM",
              "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488"
            },
            {
              "name": "29323",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29323"
            },
            {
              "name": "238493",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238493-1"
            },
            {
              "name": "29161",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29161"
            },
            {
              "name": "ADV-2008-0193",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0193"
            },
            {
              "name": "28367",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28367"
            },
            {
              "name": "FEDORA-2008-0903",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00781.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
    "assignerShortName": "freebsd",
    "cveId": "CVE-2008-0122",
    "datePublished": "2008-01-16T01:00:00.000Z",
    "dateReserved": "2008-01-07T00:00:00.000Z",
    "dateUpdated": "2024-08-07T07:32:24.383Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2008-AVI-020

Vulnerability from certfr_avis

De multiples vulnérabilités affectent FreeBSD. Ces vulnérabilités peuvent être exploitées afin d'exécuter des commandes arbitraires à distance ou accéder à des informations sensibles en local.

Description

Trois vulnérabilités ont été découvertes dans FreeBSD :

la première résulte d'une erreur de gestion de limite de boucle (off-by-one) au niveau de la fonction inet_network(). Cette vulnérabilité peut être exploitée à distance par un utilisateur malintentionné afin d'exécuter du code ;
la seconde est due à une erreur dans la fonction openpty(). Cette vulnérabilité peut être exploitée en local afin d'accéder à des informations confidentielles pour un utilisateur standard ;
enfin, la dernière vulnérabilité est due à une erreur dans le fonction ptsname(). Cette vulnérabilité peut être exploitée en local afin de devenir propriétaire d'un pty à accès restreint.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

FreeBSD 6.x.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletins de sécurité FreeBSD du 14 janvier 2008	None	vendor-advisory
Bulletin de sécurité FreeBSD SA-08:01.pty du 14 janvier 2008 :	-	other
Bulletin de sécurité FreeBSD SA-08:02.libc du 14 janvier 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eFreeBSD 6.x.\u003c/p\u003e",
  "content": "## Description\n\nTrois vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans FreeBSD :\n\n-   la premi\u00e8re r\u00e9sulte d\u0027une erreur de gestion de limite de boucle\n    (off-by-one) au niveau de la fonction inet_network(). Cette\n    vuln\u00e9rabilit\u00e9 peut \u00eatre exploit\u00e9e \u00e0 distance par un utilisateur\n    malintentionn\u00e9 afin d\u0027ex\u00e9cuter du code ;\n-   la seconde est due \u00e0 une erreur dans la fonction openpty(). Cette\n    vuln\u00e9rabilit\u00e9 peut \u00eatre exploit\u00e9e en local afin d\u0027acc\u00e9der \u00e0 des\n    informations confidentielles pour un utilisateur standard ;\n-   enfin, la derni\u00e8re vuln\u00e9rabilit\u00e9 est due \u00e0 une erreur dans le\n    fonction ptsname(). Cette vuln\u00e9rabilit\u00e9 peut \u00eatre exploit\u00e9e en local\n    afin de devenir propri\u00e9taire d\u0027un pty \u00e0 acc\u00e8s restreint.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-0216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0216"
    },
    {
      "name": "CVE-2008-0122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0122"
    },
    {
      "name": "CVE-2008-0217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0217"
    }
  ],
  "initial_release_date": "2008-01-15T00:00:00",
  "last_revision_date": "2008-01-15T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 FreeBSD SA-08:01.pty du 14 janvier    2008 :",
      "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-08:01.pty.asc"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 FreeBSD SA-08:02.libc du 14 janvier    2008 :",
      "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-08:02.libc.asc"
    }
  ],
  "reference": "CERTA-2008-AVI-020",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-01-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s affectent FreeBSD. Ces vuln\u00e9rabilit\u00e9s\npeuvent \u00eatre exploit\u00e9es afin d\u0027ex\u00e9cuter des commandes arbitraires \u00e0\ndistance ou acc\u00e9der \u00e0 des informations sensibles en local.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s de FreeBSD",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletins de s\u00e9curit\u00e9 FreeBSD du 14 janvier 2008",
      "url": null
    }
  ]
}

CERTA-2008-AVI-039

Vulnerability from certfr_avis

Une vulnérabilité dans ISC BIND permet à un utilisateur malintentionné de provoquer un déni de service ou potentiellement d'exécuter du code arbitraire.

Description

Une faille a été identifiée dans une fonction de la bibliothèque libbind fournie avec le serveur DNS : BIND. Cette vulnérabilité peut conduire à une corruption de mémoire permettant ainsi à un utilisateur malintentionné de provoquer un déni de service ou, selon l'éditeur, d'exécuter du code arbitraire.

Il est à noter que la fonction vulnérable n'étant pas mise en œuvre par BIND lui même, le serveur n'est pas vulnérable. Seules des applications s'appuyant sur la bibliothèque libbind et sur cette fonction seront vulnérables.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
ISC	BIND	BIND 9.2 (toutes versions) ;
ISC	BIND	BIND 9.1 (toutes versions) ;
ISC	BIND	BIND 9.3.0, 9.3.1, 9.3.2, 9.3.3, 9.3.4 ;
ISC	BIND	BIND 9.5.0a1, 9.5.0a2, 9.5.0a3, 9.5.0a4, 9.5.0a5, 9.5.0a6, 9.5.0a7, 9.5.0b1.
ISC	BIND	BIND 8.x (toutes versions) ;
ISC	BIND	BIND 9.4.0, 9.4.1, 9.4.2 ;
ISC	BIND	BIND 9.0 (toutes versions) ;

References

Title

Publication Time

Tags

Bulletin de sécurité ISC du 18 janvier 2008	None	vendor-advisory
Bulletin de sécurité ISC BIND du 18 janvier 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "BIND 9.2 (toutes versions) ;",
      "product": {
        "name": "BIND",
        "vendor": {
          "name": "ISC",
          "scada": false
        }
      }
    },
    {
      "description": "BIND 9.1 (toutes versions) ;",
      "product": {
        "name": "BIND",
        "vendor": {
          "name": "ISC",
          "scada": false
        }
      }
    },
    {
      "description": "BIND 9.3.0, 9.3.1, 9.3.2, 9.3.3, 9.3.4 ;",
      "product": {
        "name": "BIND",
        "vendor": {
          "name": "ISC",
          "scada": false
        }
      }
    },
    {
      "description": "BIND 9.5.0a1, 9.5.0a2, 9.5.0a3, 9.5.0a4, 9.5.0a5, 9.5.0a6, 9.5.0a7, 9.5.0b1.",
      "product": {
        "name": "BIND",
        "vendor": {
          "name": "ISC",
          "scada": false
        }
      }
    },
    {
      "description": "BIND 8.x (toutes versions) ;",
      "product": {
        "name": "BIND",
        "vendor": {
          "name": "ISC",
          "scada": false
        }
      }
    },
    {
      "description": "BIND 9.4.0, 9.4.1, 9.4.2 ;",
      "product": {
        "name": "BIND",
        "vendor": {
          "name": "ISC",
          "scada": false
        }
      }
    },
    {
      "description": "BIND 9.0 (toutes versions) ;",
      "product": {
        "name": "BIND",
        "vendor": {
          "name": "ISC",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne faille a \u00e9t\u00e9 identifi\u00e9e dans une fonction de la biblioth\u00e8que libbind\nfournie avec le serveur DNS : BIND. Cette vuln\u00e9rabilit\u00e9 peut conduire \u00e0\nune corruption de m\u00e9moire permettant ainsi \u00e0 un utilisateur\nmalintentionn\u00e9 de provoquer un d\u00e9ni de service ou, selon l\u0027\u00e9diteur,\nd\u0027ex\u00e9cuter du code arbitraire.\n\nIl est \u00e0 noter que la fonction vuln\u00e9rable n\u0027\u00e9tant pas mise en \u0153uvre par\nBIND lui m\u00eame, le serveur n\u0027est pas vuln\u00e9rable. Seules des applications\ns\u0027appuyant sur la biblioth\u00e8que libbind et sur cette fonction seront\nvuln\u00e9rables.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-0122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0122"
    }
  ],
  "initial_release_date": "2008-01-28T00:00:00",
  "last_revision_date": "2008-01-28T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 ISC BIND du 18 janvier 2008 :",
      "url": "http://www.isc.org/index.pl?/sw/bind/bind-security.php"
    }
  ],
  "reference": "CERTA-2008-AVI-039",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-01-28T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans ISC BIND permet \u00e0 un utilisateur malintentionn\u00e9\nde provoquer un d\u00e9ni de service ou potentiellement d\u0027ex\u00e9cuter du code\narbitraire.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans ISC BIND",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 ISC du 18 janvier 2008",
      "url": null
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2008-0122 (GCVE-0-2008-0122)

Vulnerability from cvelistv5

CERTA-2008-AVI-020

Vulnerability from certfr_avis

Description

Solution

CERTA-2008-AVI-039

Vulnerability from certfr_avis

Description

Solution

Tags

Sightings

Nomenclature